SMTP Help

Megadeth4168Megadeth4168 Member Posts: 2,157
OK, this is just weird.... So, I set up a new laptop for an employee here, they work from home and have been for the past few years.

I copied all the settings from old machine over and connected the computer up... Directly to the cable modem as the old one was... The next day The user was saying that outgoing email was not working.

So, they brought the laptop in, I took it to a building we have that also has a Comcast connection and I had no problems at all. I proceeded to run AV scans, Spyware scans and reinstalled NIC drivers, checked hots file, checked firewall settings, flushed dns.... Ect....

Anyway, since I had no problem I gave it back to the user thinking that maybe at the time their connection was just down.

Again I get a call telling me it's not working. So I go out there and sure enough I can't send Email...

very confusing since I was able to send with no problems from another comcast connection...

The error code I kept getting was socket error 10060 with another code 0x800CCC0E

I any suggestion from related searches to resolve the issue, nothing helped.

One more thing... I was able to ping pop.comcast.net with no issues, when I tried to ping smtp.comcast.net I 3 timeouts with one Destination unreachable.

I'm going to Call Comcast tomorrow unless someone has a better suggestion.

Comments

  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,675 Admin
    The error code I kept getting was socket error 10060 with another code 0x800CCC0E
    Winsock error 10060 is a connection timeout: http://support.ipswitch.com/kb/WSK-19980714-EM32.htm . Error 0x800CCC0E is also a connection timeout caused by the Winsock timeout.

    For an email client, this would indicate that it can't connect to remote port 25 (sending email) or 110 (receiving email) of the email server. If the email server is not down, there is also the possibility that a software firewall or email scanning program running on the computer is blocking the connection. Because the email client worked on one network and not the other, I would think there's a user or group policy setting at fault, or perhaps just a missing or incorrect proxy setting.
  • binarysoulbinarysoul Member Posts: 993
    Did you trace the smtp server? Looks like a routing issue. I don't think their SMTP server would be down, but if you couldn't ping the server (which sometimes you can't as ICMP may be blocked), try telneting to port 25; when you do, you may be told Socket 10060, so as JD pointed out it may be a WINSOCK issue...
  • shednikshednik Member Posts: 2,005
    were there any changes to the exchange server recently ??? this happened to in house users with a similar error message when our sys admin added another NIC to one of the exchange servers and the extra IP address mades some issues with dns and the exchange server to make it properly function....once the second nic was disabled all was well...I'm not sure of the exact configs he made to make this happen tho crash.gif
  • JDMurrayJDMurray MSIT InfoSec CISSP SSCP GSOM GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USAAdmin Posts: 12,675 Admin
    The email client worked when the computer was at one point on the Internet, but not at another. The email server could be behind a firewall that only accepts traffic from a specific IP address or range.
  • SWMSWM Member Posts: 287
    as binarysoul said try telneting to their mail server, i.e "telnet mail.xyz.com 25" and see if you get a reply.

    I had a similar problem on a server last week that could email some servers and not all. It was a DNS error. It was able to resolve www.xyz.com but could not find the mx record for the site due to the DNS problems.
    Good Luck
    Isn't Bill such a Great Guy!!!!
  • SchluepSchluep Member Posts: 346
    I had the same thing happen with Comcast 5 days ago, only the user was ME. I have four different e-mail accounts I use from home through Windows Mail (the new Outlook Express with Vista). This problem only affected outbound mail traffic for two of my four e-mail addresses, including my @comcast.net account that I use and also one of my business mail accounts. I recieved the exact same error you did.

    I could send SMTP e-mail using other Comcast connections, but the one from my home. In trying to resolve this issue I found that Comcast blocks access to smtp.comcast.net on port 25 for anyone they believe to be a spammer. I don't know how I became flagged as a spammer (since I am not one). The idea (poor one in my opinion) behind blocking access on port 25 is that their server also allows SMTP connections on port 587. They figure that anyone sending spam all over the place using their mail server would not know to change the port. I had to change the port to 587 for stmp.comcast.net to use with my @comcast.net address and it resolved the issue.

    I have not yet found a way to restore outbound e-mail traffic on my one business account that stopped working as well however. It is something I will have to look into more tonight. Thankfully it has a web interface I have been logging into to send e-mail (and I already recieve copies of all my e-mail to file my responses with the messages so I am still maintaining my copies that would normally be sent through Windows mail). It is definitely something I intend to find a way to fix this weekend as it is a real hassle to log into the web interface everytime I want to send a message and I need to press forward on Windows mail to copy and paste the body of the message below my reply on the web interface. The provider of my business address only allows connections to port 25 and they require authentication. Who knows, perhaps Comcast doesn't look this and has chosen to block it which will be a major issue if I cannot find a work-around. Unless you can use an alternate port with your companies mail server you may be in the same boat I am on this one.
  • Megadeth4168Megadeth4168 Member Posts: 2,157
    Schluep, I think that has got to be it. I will be calling Comcast to find out if this is the case.

    For the heck of it, I fired up the users old laptop and ran a full virus scan and found that it had Trojan.Peacomm on it. So it's probable that his Cable Modem IP was flagged before he even go the new laptop.

    I'll be heading back to the users house today to resolve this.

    I forgot to mention in my first post that I ran winsockxpfix and that there is nothing special about the users home connection. The user is connected directly into the cable modem. The user does not even connect to our network.

    I will keep you all posted!

    Thanks for all the suggestions and help!
  • Megadeth4168Megadeth4168 Member Posts: 2,157
    Thank you Schluep! You were correct, I had to switch the users SMTP port to 587.

    You know what would have helped me out a great deal to begin with though? The user actually showing me the email from Comcast before working on this thing... It was not until I mentioned about them be blacklisted that they said "Oh, Yeah! By the way..." and showed me an email stating that there was a lot of spam coming from their machine and that Comcast had taken measures against this....

    On this email was also a link on changing the port number. Go figure.
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    Schluep wrote:
    In trying to resolve this issue I found that Comcast blocks access to smtp.comcast.net on port 25 for anyone they believe to be a spammer. I don't know how I became flagged as a spammer (since I am not one). The idea (poor one in my opinion) behind blocking access on port 25 is that their server also allows SMTP connections on port 587.

    You may have become flagged as a spammer because of a virus/spyware/malware that turned your machine into an open relay, or an incorrectly configured email server you are running on your home network. Good old Exchange 2000 had the problem of enabling open relay when you set up the SMTP connector. I had a few customers who set up an exchange server themselves, then became blacklisted because they had open relay without knowing it.
    The only easy day was yesterday!
  • SchluepSchluep Member Posts: 346
    Thank you Schluep! You were correct, I had to switch the users SMTP port to 587.

    You know what would have helped me out a great deal to begin with though? The user actually showing me the email from Comcast before working on this thing... It was not until I mentioned about them be blacklisted that they said "Oh, Yeah! By the way..." and showed me an email stating that there was a lot of spam coming from their machine and that Comcast had taken measures against this....

    On this email was also a link on changing the port number. Go figure.

    I wish I would have received such an e-mail. I spent a while trying to figure out what was going on and still haven't received such a warning.
    dtlokee wrote:
    You may have become flagged as a spammer because of a virus/spyware/malware that turned your machine into an open relay, or an incorrectly configured email server you are running on your home network. Good old Exchange 2000 had the problem of enabling open relay when you set up the SMTP connector. I had a few customers who set up an exchange server themselves, then became blacklisted because they had open relay without knowing it.

    The only thing I can think of was when I was testing some PHP script I was working on that would generate an e-mail to the user through the mail() function. I was testing it on a Debian computer running Apache with PHP/MySQL/Sendmail installed and configured. The mail it should have generated never appeared and I didn't want to take the time troubleshoot it so I just tested it at the office the next day and it worked fine there. I figured something with Sendmail was not configured properly or it was blocked by the ISP, but I never imagined this could happen as a result. I still don't know if the two events are connected, but it is the only thing I can think of at the time. My machines are all clean and behind application level firewalls plus my wireless router, although I did let a friend connect to my network that may have had an infected machine (only on three seperate occassions for a few hours).

    Any ideas for a work around to use with that other mail server that only accepts connections on Port 25 for my business e-mail before I start fumbling with it all weekend?
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    Once you have fixed the problems you can contact Comcast, they will test your connection to see if it's still setting off their IPS and if it's clean they will re-open port 25 for you. You may want to toss wireshark inline between your firewall and cable modem to see if there's any traffic there you don't expect.
    The only easy day was yesterday!
  • SchluepSchluep Member Posts: 346
    dtlokee wrote:
    Once you have fixed the problems you can contact Comcast, they will test your connection to see if it's still setting off their IPS and if it's clean they will re-open port 25 for you. You may want to toss wireshark inline between your firewall and cable modem to see if there's any traffic there you don't expect.

    I'll test everything again tonight to be on the safe side and give them a call. I am guessing my Sendmail messages generated through PHP caused the problem. Thanks!
Sign In or Register to comment.